| author | Holger Dengler <dengler@linutronix.de> | 2016-10-21 09:52:56 +0200 |
|---|---|---|
| committer | Holger Dengler <dengler@linutronix.de> | 2016-10-21 09:52:56 +0200 |
| commit | d560aea44f67dd1c99dcffedfc261db7a0d3c7cf (patch) | |
| tree | 8fce6f44f49f689adc11829015fc2e91f6fda1a5 /security | |
| parent | 9c10704f39689dda66f9d5fb0cb97455e89abed1 (diff) | |
security: multi-process: Summary slide and minor fixes
Signed-off-by: Holger Dengler <dengler@linutronix.de>
Diffstat (limited to 'security')
| -rw-r--r-- | security/advanced/frm_multiuser_dac.tex | 76 |
1 files changed, 53 insertions, 23 deletions
diff --git a/security/advanced/frm_multiuser_dac.tex b/security/advanced/frm_multiuser_dac.tex
index 8085466..9e8b931 100644
--- a/security/advanced/frm_multiuser_dac.tex
+++ b/security/advanced/frm_multiuser_dac.tex
@@ -9,7 +9,7 @@
 \item Process(es) inherit user privileges
 \end{itemize}
 \begin{beamerboxesrounded}[shadow=true]{Tools:}
-\begin{tiny}
+\begin{scriptsize}
 \begin{verbatim}
 # Add new user (interactive)
 adduser <new_user>
@@ -24,7 +24,7 @@ su <user_name>
 # Run command as superuser (root)
 sudo <command>
 \end{verbatim}
-\end{tiny}
+\end{scriptsize}
 \end{beamerboxesrounded}
 \end{frame}
 
@@ -38,7 +38,7 @@ sudo <command>
 \item User can change group dynamically (password required)
 \end{itemize}
 \begin{beamerboxesrounded}[shadow=true]{Tools:}
-\begin{tiny}
+\begin{scriptsize}
 \begin{verbatim}
 # Add new group
 addgroup <new_group>
@@ -53,7 +53,7 @@ id
 # Switch group ID
 newgrp <group_name>
 \end{verbatim}
-\end{tiny}
+\end{scriptsize}
 \end{beamerboxesrounded}
 \end{frame}
 
@@ -116,7 +116,7 @@ newgrp <group_name>
 \begin{frame}[fragile]
 \frametitle{Basic File Permissions: Example}
 \begin{beamerboxesrounded}[shadow=true]{Example}
-\begin{tiny}
+\begin{scriptsize}
 \begin{verbatim}
 $ ls -l /dev/ttyS?
 crw-rw---- 1 root dialout 4, 64 Nov 5 08:14 /dev/ttyS0
@@ -137,7 +137,7 @@ crw-r----- 1 service test 4, 65 Nov 5 08:14 /dev/ttyS1
 crw-rw---- 1 root dialout 4, 66 Nov 5 08:14 /dev/ttyS2
 crw-rw---- 1 root dialout 4, 67 Nov 5 08:14 /dev/ttyS3
 \end{verbatim}
-\end{tiny}
+\end{scriptsize}
 \end{beamerboxesrounded}
 \end{frame}
 
@@ -170,7 +170,7 @@ and Henry?
 \item A: Not mandatory.
 \end{itemize}
 \begin{beamerboxesrounded}[shadow=true]{Alternative Solution:}
-\begin{tiny}
+\begin{scriptsize}
 \begin{verbatim}
 mkdir /data/shared/project_x
 chown pm_admin:pm_admin /data/shared/project_x
@@ -178,7 +178,7 @@ setfacl -m user:sue:rwx /data/shared/project_x
 setfacl -m user:bob:rwx /data/shared/project_x
 setfacl -m user:henry:rwx /data/shared/project_x
 \end{verbatim}
-\end{tiny}
+\end{scriptsize}
 \end{beamerboxesrounded}
 \end{frame}
 
@@ -186,7 +186,7 @@ setfacl -m user:henry:rwx /data/shared/project_x
 \begin{frame}[fragile]
 \frametitle{ACL: Example (2)}
 \begin{beamerboxesrounded}[shadow=true]{Result:}
-\begin{tiny}
+\begin{scriptsize}
 \begin{verbatim}
 getfacl /data/shared/project_x
 # file: data/shared/project_x/
@@ -200,7 +200,7 @@ group::r-x
 mask::rwx
 other::r-x
 \end{verbatim}
-\end{tiny}
+\end{scriptsize}
 \end{beamerboxesrounded}
 \end{frame}
 
@@ -236,7 +236,7 @@ other::r-x
 \item Q: How can you prevent that?
 \end{itemize}
 \begin{beamerboxesrounded}[shadow=true]{Solution:}
-\begin{tiny}
+\begin{scriptsize}
 \begin{verbatim}
 sudo chattr +a /home/franz/.bash_history
 lsattr /home/franz/.bash_history
@@ -244,7 +244,7 @@ lsattr /home/franz/.bash_history
 rm /home/franz/.bash_history
 rm: cannot remove `/home/franz/.bash_history': Operation not permitted
 \end{verbatim}
-\end{tiny}
+\end{scriptsize}
 \end{beamerboxesrounded}
 \end{frame}
 
@@ -294,31 +294,29 @@ rm: cannot remove `/home/franz/.bash_history': Operation not permitted \begin{frame}[fragile] \frametitle{UID/GID: Programming I} \begin{beamerboxesrounded}[shadow=true]{temporary change of Effective:} -\begin{tiny} +\begin{scriptsize} \begin{verbatim} printf("\nChange effective UID/GID back...\n"); if(setegid(real_gid)) /* error handling */; if(seteuid(real_uid)) /* error handling */; -print_resugid(); \end{verbatim} -\end{tiny} +\end{scriptsize} \end{beamerboxesrounded} \begin{beamerboxesrounded}[shadow=true]{and back again:} -\begin{tiny} +\begin{scriptsize} \begin{verbatim} printf("...and forth\n"); if(seteuid(saved_uid)) /* error handling */; if(setegid(saved_gid)) /* error handling */; -print_resugid(); \end{verbatim} -\end{tiny} +\end{scriptsize} \end{beamerboxesrounded} \begin{beamerboxesrounded}[shadow=true]{Drop finally:} -\begin{tiny} +\begin{scriptsize} \begin{verbatim} printf("\nChange finally to stored UID/GID“); printf(" (there is no way back)\n"); @@ -326,9 +324,8 @@ if(setregid(saved_gid, saved_gid)) /* error handling */; if(setreuid(saved_uid, saved_uid)) /* error handling */; -print_resugid(); \end{verbatim} -\end{tiny} +\end{scriptsize} \end{beamerboxesrounded} \end{frame} @@ -336,7 +333,7 @@ print_resugid(); \begin{frame}[fragile] \frametitle{UID/GID: Programming II} \begin{beamerboxesrounded}[shadow=true]{Result:} -\begin{tiny} +\begin{scriptsize} \begin{verbatim} $ ls -l -rwsr-sr-x 1 dengler dengler 8480 Aug 19 17:22 ugid_to_stored 
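Review bot: The "Drop finally" box (its verbatim block ends in the next hunk) asserts "there is no way back" but the listing only checks the return values of setregid()/setreuid(); with the print_resugid() calls removed, the code on the slide no longer shows how a reader would confirm that the saved set-UID/GID were actually reset, which is the property the claim rests on (the Result slide still prints the IDs, presumably from that helper). I would follow the two calls with an explicit verification, `if (getresuid(&r, &e, &s) || r != saved_uid || e != saved_uid || s != saved_uid) abort();` (and the same with getresgid()), because a failed or partial privilege drop is exactly the case an attacker benefits from. The order shown, group before user, is the correct one and deserves a comment such as `/* GIDs first: once the UID is unprivileged the GIDs can no longer be changed */`. The context line `printf("\nChange finally to stored UID/GID“);` uses a typographic closing quote in place of `"`, so the snippet as printed is not valid C; it should read `printf("\nChange finally to stored UID/GID");`.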
@@ -358,6 +355,39 @@ Change finally to stored UID/GID (there is no way back)
 eUID 1000 (rUID 1000, sUID 1000)
 eGID 1000 (rGID 1000, sGID 1000)
 \end{verbatim}
-\end{tiny}
+\end{scriptsize}
 \end{beamerboxesrounded}
 \end{frame}
+
+% ----------------------------
+\subsubsection{Summary}
+
+% ----------------------------
+\begin{frame}[fragile]
+\frametitle{Summary}
+\begin{itemize}
+\item Resource
+ \begin{itemize}
+ \item File, Directory, or Device-Node
+ \item assigned to User and Group
+ \end{itemize}
+\item Access Rules
+ \begin{itemize}
+ \item Permission Bits (base)
+ \item Access Control Lists (opt.)
+ \item Extended File Attributes (opt.)
+ \end{itemize}
+\item Process/Thread
+ \begin{itemize}
+ \item Resource Access: Effective UserID/GroupID
+ \item UIDs/GIDs for each Process/Thread
+ \item UID/GID are changeable
+ \item PAM: assign UID/GID, based on Authentication
+ \end{itemize}
+\item Conclusion
+ \begin{itemize}
+ \item Multi-User Support in Linux can be used to control Access to Data and
+ Device for Userspace Processes.
+ \end{itemize}
+\end{itemize}
+\end{frame}
|
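Review bot: The new Summary frame's "Access Rules" and "Conclusion" bullets state what permission bits, ACLs and attributes can do but not their limit: everything on this slide is discretionary (as the file name says), so the owner can relax the rules at will, and root, reached through sudo or a setuid program as shown earlier in the deck, is not bound by permission bits or ACLs and can clear the attribute flags. I would add under Conclusion `\item Discretionary: the owner can change the rules and root bypasses them; no protection against a compromised privileged process`. The bullet "UID/GID are changeable" is broader than what the Programming I/II slides demonstrate, where an unprivileged process only moves among its real, effective and saved IDs, so `\item UID/GID are changeable (unprivileged: only among real/effective/saved; root: any)` would be more precise. If "Extended File Attributes (opt.)" refers to the chattr +a example, note that chattr/lsattr set inode attribute flags, a different mechanism from extended attributes (setfattr/getfattr); the bullet should name the one the deck actually covers.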
